Sebastiaan L. Zoutendijk wrote: > Dear Dale, > > On Friday 5 June 2020, 11.37pm -0500, Dale wrote: > >> Is this a secure method or is there a more secure way? Is there any >> known issues with using this? Anyone here use this method? Keep in >> mind, LVM. BTFRS, SP?, may come later. > Another thing to keep in mind: if you only encrypt your /home, it is > possible that some data leak out of the encrypted volume. For example, > if you use swap, then the decrypted contents of /home residing in RAM > can be swapped out. If you want to protect yourself against that, you > will need to encrypt the swap volume as well. The same could happen with > temporary files, so /tmp and /var/tmp might also need special treatment. > Aside from encrypting, tmpfs is another possibility here. > This problem is similar, but slightly different, to that described > by J. Roeleveld. Here I am talking about the contents of your files > leaking, instead of the LUKS keys. > If you are going to encrypt multiple filesystems, you can either > make separate LUKS volumes for each of them (each LUKS volume being > inside a partition or LVM volume, for example), or you can create one > LUKS volume with several LVM volumes inside. > > Sincerely, > > Bas > > > -- > Sebastiaan L. Zoutendijk | [email protected] > >
That's something to think on. Right now, I'm going sorta simple and data that if I forget the password, I still got copies of. No big loss. Later on tho, that info could come in handy. I know a guy that has his locked down tight. I suspect everything is password protected. He was in China for a bit and it was sort of a requirement. Off to youtube. Dale :-) :-)
